TRX Wallet Account Permission Change Scam
- Token Trace
- Nov 27, 2023
- 2 min read
When it comes to Tron(TRX) wallets, the multisig characteristic of "Owner Permission" and "Active Permission" is crucial for users to manage their funds properly. This article explores a deceptive scam wherein unsuspecting users unwittingly relinquish their Owner Permission, falling victim to manipulations that render them powerless to control or transfer their assets.
When dealing with Tron (TRX) accounts, two pivotal permissions govern the user experience: "Owner Permission" and "Active Permission."
The Owner Permission stands as the key to complete control over an account, enabling the address with this permission to execute all account operations. Conversely, an address holding Active Permission is constrained to specific actions, such as TRX transfers and asset freezing.
Once the Owner Permission has been handed over to a third party, it results in an error message for the victim when they try to send funds out of their TRX wallet.
The question naturally arises: why would users willingly relinquish such a vital permission? Let's delve into a scenario that illustrates this precarious situation:
Imagine Sam, an unsuspecting user, lends $5000 to an online acquaintance who, in return, gives Sam a seed phrase of a wallet containing an equivalent amount of cryptocurrency. Post-importing the seed phrase, Sam sees the $5000 worth of crypto assets in the wallet but is met with an error when attempting to send them.
The scammer, adeptly posing as Sam's online friend, altered the account permissions of the TRX wallet before handing over the seed phrase. Consequently, despite possessing the seed phrase, Sam finds himself powerless to move the assets, as the Owner Permission now exclusively belongs to the scammer. An example of this is shown below: https://tronscan.org/#/address/TPpAzAmpY5PAJ72XtSKVayfCcHfRHevMPu
You can see that the wallet address (circled in red) is different from the account permissions (Circled in blue).
So this means the wallet account (TPpAzAmpY5PAJ72XtSKVayfCcHfRHevMPu) cannot send funds out of the wallet without having the approval from wallet (TYgYr17S9Zi1DocuuBCNiPLw6vq8VnEjAU)
As the landscape of crypto scams evolves, so do the tactics of scammers. Recent iterations of these schemes involve a heightened level of sophistication, with scammers now resorting to tricking individuals into willingly exposing their seed phrases.
In conclusion, navigating the crypto space demands a vigilant approach. Understanding the nuances of TRX account permissions is pivotal in safeguarding one's assets from the ever-evolving landscape of scams. It is imperative for users to exercise caution, verify sources meticulously, and be aware of the potential risks associated with sharing sensitive information or altering account permissions.
